CN114721933A - Hardware-based obfuscation of digital data - Google Patents


Info

Publication number
CN114721933A
Authority
CN
China
Prior art keywords
tdrs
tdr
bits
secret information
information bits
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111582192.8A
Other languages
Chinese (zh)
Inventor
A·D·克龙
A·伊莱亚斯
B·C·S·雷迪
M·博扎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Synopsys Inc
Original Assignee
Synopsys Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Synopsys Inc
Publication of CN114721933A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3668 Software testing
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Design And Manufacture Of Integrated Circuits (AREA)

Abstract

Some aspects of the present disclosure relate to implementing hardware-based obfuscation of digital data. For example, some aspects relate to a method that includes performing a capture operation that loads a plurality of Primary Input (PI) bits into corresponding shift registers of a plurality of Test Data Registers (TDRs) disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits. The method also includes performing a series of shift operations on the plurality of TDRs to obtain a plurality of output bits. The method further includes applying, by an authentication processor, a derivation function to the plurality of output bits to extract the plurality of secret information bits and thereby authenticate the one or more digital semiconductor devices.

Description

Hardware-based obfuscation of digital data
RELATED APPLICATIONS
This application claims the benefit of U.S. provisional patent application No. 63/129,354, entitled "HARDWARE-BASED OBFUSCATION OF DIGITAL DATA," filed on 22 December 2020, which is incorporated herein in its entirety.
Government licensing rights
This invention was made with government support under contract number HR0011-20-9-0043 awarded by the United States Defense Advanced Research Projects Agency (DARPA). The United States government has certain rights in the invention.
Technical Field
The present disclosure relates generally to Electronic Design Automation (EDA) systems. In particular, the present disclosure relates to systems and methods for providing obfuscation of digital information in hardware.
Background
A hardware manufacturer may embed secret information, such as a symmetric encryption key or a seed for a cryptographic key generator, into a system on a chip (SoC) architecture. These secrets can be used to test or verify the authenticity of the SoC to one or more external devices (such as at the manufacturing site). Such testing or verification may be done after SoC manufacture and prior to any provisioning at the manufacturing site. For example, the secrets may be keying material used in a protocol to authenticate with a Hardware Security Module (HSM) at the manufacturing site. This protocol (along with the secret) may be used to establish evidence that the SoC and HSM are able to perform the subsequent steps of the provisioning process.
Hiding or obfuscating these secrets is a challenge for most manufacturers. In order to maintain a high level of security, obfuscation methods are generally considered confidential and proprietary.
Disclosure of Invention
Some aspects of the present disclosure relate to a method for implementing hardware-based obfuscation of digital data. For example, some aspects include performing a capture operation that loads a plurality of Primary Input (PI) bits into corresponding shift registers of a plurality of Test Data Registers (TDRs) disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits. The method also includes performing a series of shift operations on the plurality of TDRs to obtain a plurality of output bits. The method further includes applying, by an authentication processor, a derivation function to the plurality of output bits to extract the plurality of secret information bits and thereby authenticate the one or more digital semiconductor devices.
According to some aspects, the PI port of a first TDR of the plurality of TDRs is set to logic high or logic low based at least in part on the plurality of secret information bits. According to some aspects, the PI port and the Primary Output (PO) port of a first TDR of the plurality of TDRs are connected to a network of digital logic gates. According to some aspects, the derivation function is based at least in part on that network of digital logic gates. According to some aspects, applying the derivation function includes reordering the plurality of output bits using a bitmap list. According to some aspects, the bitmap list is based at least in part on the addresses of the plurality of TDRs. According to some aspects, the plurality of secret information bits is a cryptographic key or a seed for a cryptographic key generator.
Some aspects of the present disclosure relate to a system for implementing hardware-based obfuscation of digital data. For example, some aspects relate to a memory storing instructions and at least one processor coupled with the memory that executes the instructions. According to some aspects, the instructions, when executed, cause the at least one processor to perform a capture operation that loads a plurality of Primary Input (PI) bits into corresponding shift registers of a plurality of Test Data Registers (TDRs) disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits. According to some aspects, the instructions, when executed, further cause the processor to perform a series of shift operations on the plurality of TDRs to obtain a plurality of output bits. According to some aspects, the instructions, when executed, further cause the processor to apply a derivation function to the plurality of output bits to extract the plurality of secret information bits.
Some aspects of the present disclosure relate to a non-transitory computer-readable medium comprising stored instructions that, when executed by a processor, cause the processor to perform a capture operation that loads a plurality of Primary Input (PI) bits into corresponding shift registers of a plurality of Test Data Registers (TDRs) disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits. According to some aspects, the instructions, when executed, further cause the processor to apply a derivation function to a plurality of output bits obtained from the plurality of TDRs to extract the plurality of secret information bits and thereby authenticate the one or more digital semiconductor devices.
This summary is not intended to provide a complete understanding of any particular innovation, embodiment, or example as it may be used in commerce. Furthermore, this summary is not intended to identify key or critical elements of the innovation, embodiment or example, or to limit the scope of the disclosed subject matter. The innovations, embodiments and/or examples found in this disclosure are not all-inclusive, but rather describe the basic meaning of the subject matter. One use of this summary is therefore as a preamble to the detailed description presented below.
Drawings
The present disclosure will be understood more fully from the detailed description given below and from the accompanying drawings of embodiments of the disclosure. The drawings are intended to provide a further understanding and appreciation for the embodiments of the disclosure, and are not intended to limit the scope of the disclosure to these specific embodiments. Furthermore, the drawings are not necessarily drawn to scale.
FIG. 1 illustrates an example Test Data Register (TDR) bit in accordance with some aspects.
Fig. 2 illustrates an example method of providing a Primary Input (PI) of a TDR in accordance with some aspects.
Fig. 3 illustrates an example topology of registers in a test infrastructure of a semiconductor device according to some aspects.
Fig. 4 illustrates various components of an electronic system connected to a test network access infrastructure in accordance with some aspects.
Fig. 5 illustrates an example method for performing hardware-based obfuscation of digital data according to some aspects.
FIG. 6 depicts a diagram of an example computer system in which embodiments of the present disclosure may operate.
Fig. 7 depicts a flow diagram of various processes used during the design and manufacture of integrated circuits, in accordance with some embodiments of the present disclosure.
Detailed Description
Aspects of the present disclosure relate to hardware-based obfuscation of digital data.
Cryptographic keys stored in hardware devices (e.g., digital circuit devices) must be both usable and hidden in order to establish trust between the device and its external security infrastructure. In some embodiments, an un-provisioned system-on-a-chip (SoC) (e.g., a SoC immediately after manufacture that has not yet been verified or authenticated) may establish some degree of trust with an external device, such as via some form of authentication/verification. One way to do this is to hide keying material in the SoC that can be tested using a protocol with an external device such as an HSM, thereby avoiding reliance on a third-party trusted source.
The present disclosure provides an automated means of obfuscating or hiding keys, key sets, or other secret data in a digital circuit device, such as within a semiconductor device, using a multi-layer approach.
According to some aspects, bits of secret information may be hidden in the captured value of a Test Data Register (TDR). See, e.g., the Primary Input (PI) inputs in Figure 9-6 of IEEE Std 1149.1-2013 (Joint Test Action Group (JTAG), Institute of Electrical and Electronics Engineers (IEEE)). These inputs may be unused in some TDRs, allowing a circuit designer or engineer to set any of them to a constant value, such as logic 1 or logic 0, without affecting the main circuit design.
According to some aspects, the hidden secret information bits may be placed at various physical locations around a device (e.g., SoC, semiconductor device, multi-chip module (MCM), Integrated Circuit (IC), or other digital device). The hidden information bits may be integrated into a fixed-value logic cloud that is randomly configured within a given circuit layout. Such logic clouds may also be spread across multiple physical locations during the layout process, which may make them more difficult to identify or expose through reverse engineering processes such as delayering. Other unused capture values may be randomized in a manner that confuses useful and non-useful circuit elements. The order in which the bits are processed by the authentication client may also be kept secret.
Embodiments of the present disclosure provide technical advantages in preventing hardware-based attacks (e.g., delayering or other side-channel attacks) that may allow an attacker to gain unauthorized access to private cryptographic key information. Embodiments herein also provide the following technical advantage: the secret key bits are hidden in the SoC using the SoC's own test infrastructure, making it difficult to reverse engineer the circuit to expose the secret bits on the SoC. Embodiments herein also provide the following technical advantage: the secret key bits are randomly hidden in the SoC, such that different SoCs using this method will have different patterns for the hidden bits, thereby mitigating the situation where compromising the key of a single SoC during a reverse engineering attempt also compromises the keys of all other SoCs.
FIG. 1 illustrates an example Test Data Register (TDR) bit in accordance with some aspects. TDR 102 includes shift register 104 and update register 106. According to some aspects, the shift register 104 and the update register 106 are digital flip-flops (e.g., D-type flip-flops). According to some aspects, the test data register TDR 102 conforms to the JTAG IEEE 1149.1-2013 standard specification. The signals named in FIG. 1 are consistent with the naming convention defined in IEEE 1149.1, as referenced and described elsewhere herein for these types of registers. The test data register TDR has three modes of operation: capture mode, shift mode, and update mode. According to some aspects, during capture mode, the Primary Input (PI) 108 may be routed to the shift register 104. On the rising edge of the Clock DR (Clock Data Register) 114 signal, the value of PI 108 may be captured into shift register 104, and the value previously stored in the shift register may be shifted out on the Scan Out (SO) 122 output.
According to some aspects, during shift mode, SO 122 may be passed to the Scan Input (SI) 110 of the next TDR bit. During update mode, on a rising edge of the Update DR (Update Data Register) 116 signal, the value stored in the update register 106 may be passed to the Primary Output (PO) 124, and the value at SO 122 of the shift register 104 may be stored in the update register 106.
According to some aspects, the power-on reset 120 signal may be asserted and de-asserted to clear the update register 106. Thereafter, PO 124 may be used to form the PI input of another TDR on the semiconductor device, or of TDR 102 itself. The instruction 118 signal may act as a switch that enables the shift register 104 and the update register 106: when instruction 118 is set to logic high, Clock DR 114 may toggle shift register 104 and Update DR 116 may toggle update register 106; when instruction 118 is set to logic low, Clock DR 114 cannot toggle shift register 104 and Update DR 116 cannot toggle update register 106.
Because of the way Electronic Design Automation (EDA) applications, such as Design For Test (DFT) systems, use TDRs, capture patterns and captured (observed) values may be used infrequently. A capture event at shift register 104 may still occur, but in some cases no circuitry responds to the event, or a static value is captured into the shift elements of the TDR, or the value simply retains its state during the event, or the DFT observation is made only to help debug faults in the TDR circuitry itself, to name a few non-limiting examples. The present system may utilize such an observation point to obfuscate or hide secret information, such as a cryptographic key or a seed for a cryptographic key generator. Further, in an example use case, a private key, such as a symmetric key (e.g., Advanced Encryption Standard (AES)) or an asymmetric private key (e.g., elliptic curve cryptography), may be hidden in a given device to begin establishing trust between the given device and its security infrastructure (internal and external).
According to some aspects, the update register of the TDR bit may be reset upon power-up or upon assertion of a Test Access Port (TAP) reset. If no update register is provided in the TDR, as is sometimes the case for some implementations, then shift register 104 can reset and drive the PO directly from its Q output.
Fig. 2 illustrates an example method of providing the PI input of a TDR according to some aspects. The PI 108 of the TDR may be set to logic high or logic low. According to some aspects, a digital semiconductor device may contain multiple TDRs, and a subset of the TDRs may be repurposed to obfuscate or hide secret information. The PI values of that subset of TDRs on the semiconductor device may be set to logic high or logic low according to a predetermined scheme.
According to some aspects, the PI value may be obtained from a logic cloud (key cloud 202). Fig. 2 shows TDRs 204 through 212 whose PI inputs are derived from key cloud 202 and whose Primary Outputs (PO) are fed back into key cloud 202. According to some aspects, key cloud 202 may include various digital logic gates (e.g., NAND gates and NOR gates, such as gates 214-220); thus, key cloud 202 may be a network of digital logic gates. According to some aspects, key cloud 202 may be a predefined circuit, such that given the PO values input into key cloud 202 and the structure of key cloud 202, the PI values it outputs can be determined. According to some aspects, key cloud 202 may be a sub-component of the semiconductor device on which TDRs 204-212 are deployed, i.e., a network of digital logic gates deployed on the same digital semiconductor device as TDRs 204 through 212. In key cloud 202, the PO of a TDR and a fixed signal value (e.g., logic high "1") may be input to a digital logic gate to generate the next PI value, which can then drive the Primary Input of another TDR. For example, the PO of TDR 4 (204) may be combined with a logic high level in digital gate 216 to generate the PI input to TDR 3 (206).
According to some aspects, a subset of the TDRs (e.g., TDRs 204-212) on a semiconductor device may be selected for hiding secret information bits. Each TDR may store a single bit of information. The subset of TDRs may be driven by a security engine or authentication processor that performs a series of operations (e.g., capture, shift, and update) to access the information bits stored in the subset of TDRs. According to some aspects, the security engine or authentication processor driving the subset of TDRs may correspond to a component of a test infrastructure defined in IEEE Std 1149.1, 1500, or 1687. The TDRs of the subset may be connected in series, such that the SO of TDR 204 is connected to the SI of TDR 206, the SO of TDR 206 is connected to the SI of TDR 208, the SO of TDR 208 is connected to the SI of TDR 210, and the SO of TDR 210 is connected to the SI of TDR 212. According to some aspects, the PI input of each TDR in the subset may be set to logic high or logic low. According to some aspects, the PI input of each TDR in the subset may be derived from key cloud 202. According to some aspects, a capture operation may be performed on the subset of TDRs to load the PI input of each TDR into the shift register of the corresponding TDR. Subsequently, a series of shift operations may be performed on the TDRs to scan out the bits stored in the subset of TDRs.
Fig. 3 illustrates a topology of registers in the test infrastructure of a semiconductor device (e.g., a JTAG-enabled device) according to some aspects. Furthermore, fig. 3 shows that access to a particular TDR bit containing some of the secret information bits can be blocked by a security policy that drives the address decoding for the TDR of interest. The context of fig. 3 is an embodiment of an access architecture found in the core of a SoC that complies with the IEEE 1500 Standard for Embedded Core Testing (SECT), with some modifications.
Data may be scanned serially through the IEEE 1500 SECT core along a path from the Wrapper Serial Input (WSI) 318 to the Wrapper Serial Output (WSO) 326. In a typical application, an address may be loaded into the Wrapper Instruction Register (WIR) 316 when the SelectWIR 320 signal is asserted at multiplexer 328. WIR 316 may then select the data register to scan when SelectWIR is de-asserted. In some use cases there may be no decoder block. WIR 316 may select the register (e.g., one of registers 302 through 314) to be addressed. For example, when the value "0000" is loaded into WIR 316, WBY register 314 may be selected at multiplexer 330. According to some aspects, the decoder (logic cloud 332) is fed the address from WIR 316 together with additional signaling from the security policy generator of the test network access infrastructure. The bits of this policy may include the outputs of electrical fuses (eFuses) 322 of the SoC (e.g., "Bit 0" and "Bit 1" of the eFuses) and a control signal ("Secure") from the security engine or boot processor 324, to name a few non-limiting examples. According to some aspects, the electrical fuse 322 may be an integrated circuit that controls switching the power supply on and off, and the boot processor may be an integrated circuit that executes a boot loader such as the GRand Unified Bootloader (GRUB) or the Linux Loader (LILO). According to some aspects, access to a particular register holding a secret value or bit may be blocked pending some authorization scheme from the policy engine of the SoC. According to some aspects, the policy engine may be implemented on the semiconductor device as part of the test network access infrastructure security engine 408. Additionally, according to some embodiments, the implementation of registers 302-314 may include at least one Linear Feedback Shift Register (LFSR).
In another embodiment, the LFSR may be replaced by a Pseudo Random Number Generator (PRNG) or a cryptographic primitive, such as a stream cipher or a hash function.
Fig. 4 illustrates various components of an electronic system connected to a test network access infrastructure in accordance with some aspects. Components U1 402 and U2 404 may be logic portions of different hierarchical modules, chips in a multi-chip module, or separate semiconductor devices. According to some aspects, U1 402 and U2 404 may each include several TDRs. A subset of the TDRs on each component may be repurposed to obfuscate or hide secret information bits. The subset of TDRs may be selected based on a predefined bit order map 410 that includes a bitmap list. For example, of the five TDRs in U1 402, three (TDRs 3, 1, and 0) are used to hide secret information bits. Further, in this example, of the five TDRs in U2 404, three (TDRs 1, 2, and 3) are used to hide secret information bits.
According to some aspects, a subset of TDRs on each module is selected, and a bitmap list may be generated based on the selected TDRs. In some embodiments, the bitmap list may include an identification of the selected TDRs, a location of the selected TDRs, and an order of the selected TDRs. In some embodiments, bitmap list 410 may include the addresses of selected TDRs. In some embodiments, the bitmap list is created based on the key cloud 202 as a network of digital logic gates.
Using fig. 4 to illustrate the system, the accompanying process may, according to some aspects, operate as follows.
The selected subset of TDRs on U1 402 and U2 404 may enter a reset state, e.g., upon power-up. The bitmap list of bit order map 410, based on which the subset of TDRs on U1 402 and U2 404 was selected, may be provided to security engine 408. Security engine 408 may determine which TDRs need to be accessed to extract the hidden information bits. Security engine 408 may allow access to the registers (e.g., registers 302-314) by setting a policy bit that enables security engine 408 to instruct test network access infrastructure 406 to select one of registers 302-314. The selection may require access to the test network access infrastructure 406 to set the WIR of the core to the appropriate address. Assertion of the Clock DR signal may trigger a capture operation, whereby the PI input of each TDR is loaded into the shift register of the respective TDR, as described for fig. 1. Subsequently, a series of shift operations may be performed on the TDRs to scan out the bits stored in the subset of TDRs. A derivation function based on the corresponding bit order map 410 may be applied to the scanned-out bits to obtain the hidden information bits. According to some aspects, applying the derivation function may involve descrambling the scanned-out bits based on the bit order map 410. According to some aspects, applying the derivation function may involve deleting one or more of the scanned-out bits, where the deleted bits correspond to unused TDR bits in U1 402 and U2 404. Security engine 408 may then change the policy bit to lock access to the TDRs. According to some aspects, the security engine 408 may continue to extract bits until the desired string of information bits has been extracted.
Fig. 5 illustrates an example method for performing hardware-based obfuscation of digital data according to some aspects. Fig. 5 may be described with respect to elements of fig. 1-4. The method 500 may be performed by the computer system 600 of fig. 6. Method 500 may be performed using the TDR bit shown in fig. 1. The method 500 may be performed using the semiconductor components shown in fig. 2-4. The method 500 is not limited to the specific aspects depicted in those figures, and other systems may be used to perform the method, as will be understood by those skilled in the art. It should be understood that not all operations are required and that the operations may not be performed in the same order as shown in fig. 5.
At 502, TDRs located on one or more digital semiconductor devices are identified to obfuscate or conceal secret information bits. According to some aspects, a digital semiconductor device may contain several TDRs, and a subset of the TDRs may be used to hide information bits. Based on the selected subset of TDRs, a bitmap list may be created. In some embodiments, the bitmap list may include an address of the selected TDR, a location of the selected TDR on the one or more semiconductor devices, and an order of the selected TDRs. In some embodiments, the bitmap list may be based on a network of logic gates to which the subset of TDRs are connected.
According to some aspects, a subset of TDRs identified for the hidden information bits may be connected in series. According to some aspects, the subsets of TDRs identified for the hidden information bits may not be adjacent to each other, or may be located on different logical portions of one or more semiconductor devices.
At 504, a capture operation is performed to load a signal value at the PI input of each TDR in the subset of TDRs into the shift register of the respective TDR. According to some aspects, the PI input of each TDR in the subset of TDRs may be set to a logic high or a logic low. According to some aspects, the PI input for each TDR in the subset of TDRs may be derived from key cloud 202. According to some aspects, the PI input for each TDR in the subset of TDRs may be based on secret information bits.
At 506, a series of shift operations is performed on the plurality of TDRs to scan out a plurality of output bits. During a shift operation, the value at the Scan Input (SI) 112 may be loaded into shift register 104, and the value at the Scan Out (SO) 122 may be passed to the SI input of the next TDR bit.
At 508, a derivation function is applied, by the security engine or the authentication processor, to the plurality of output bits obtained by performing the shift operation on the TDR to extract the secret information bits hidden in the TDR. According to some aspects, the security engine or authentication processor may be part of a test network access infrastructure. Applying the derivation function can include using the bitmap list to reorder or descramble the plurality of output bits according to the bit order map 410. Applying the derivation function can include using a bitmap list to select a subset of the plurality of output bits that correspond to a subset of TDRs used to hide the secret information bits. Thus, applying the derivation function may include deleting one or more bits from the plurality of output bits, where the deleted bits may correspond to unused TDR bits. According to some aspects, the derivation function may be based on a configuration of one or more key cloud circuits. According to some aspects, extracting the secret information bits authenticates one or more digital semiconductor devices that include the TDR.
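The following Python simulation is an added example, not code from the patent or from Synopsys. It models the TDR bit of FIG. 1 (capture, shift and update cells), the key-cloud derivation of PI values from PO values and constants of FIG. 2, the policy-gated access of FIG. 3, and steps 502 through 508 of method 500: reset, capture, serial scan-out and the derivation function that drops unused TDR bits and reorders the rest using the bit order map. The 8-TDR chain, the NAND/NOR gate network, the decoy TDRs, the 5-bit secret and the bit order map are all constructed for this illustration and carry no values from the patent.

```python
"""Constructed simulation of hiding secret bits in IEEE 1149.1-style TDRs.
Chain size, gate network, bit order map and secret are example values."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence, Tuple

Gate = Callable[[int, int], int]

def nand(a: int, b: int) -> int:
    return 1 - (a & b)

def nor(a: int, b: int) -> int:
    return 1 - (a | b)

@dataclass
class TdrBit:
    """One TDR bit as in FIG. 1: a shift flip-flop and an update flip-flop."""
    pi: int = 0       # Primary Input, sampled into the shift cell on capture
    shift: int = 0    # shift register cell (capture mode / shift mode)
    update: int = 0   # update register cell; drives the Primary Output (PO)

    @property
    def po(self) -> int:
        return self.update

    def capture(self) -> None:
        """Clock DR in capture mode: PI is loaded into the shift cell."""
        self.shift = self.pi

    def shift_in(self, si: int) -> int:
        """Clock DR in shift mode: SI enters, previous content leaves on SO."""
        so, self.shift = self.shift, si
        return so

    def do_update(self) -> None:
        """Update DR: shift cell is copied to the update cell (and so to PO)."""
        self.update = self.shift

# Hypothetical key-cloud encoding: PI of TDR i = gate(PO of TDR src, constant)
KeyCloud = Dict[int, Tuple[Gate, int, int]]

def reset_chain(chain: Sequence[TdrBit]) -> None:
    """Power-on / TAP reset clears every update register, so every PO reads 0."""
    for bit in chain:
        bit.update = 0

def evaluate_key_cloud(chain: Sequence[TdrBit], cloud: KeyCloud) -> None:
    """Drive each TDR's PI from the gate network using the current PO values."""
    for idx, (gate, src, const) in cloud.items():
        chain[idx].pi = gate(chain[src].po, const)

def capture_and_scan(chain: Sequence[TdrBit]) -> List[int]:
    """Capture, then len(chain) shift cycles. TDR 0's SO feeds TDR 1's SI, and
    the last TDR's SO is what the authentication client observes."""
    for bit in chain:
        bit.capture()
    stream = []
    for _ in range(len(chain)):
        so = 0                      # zeros are shifted in behind the data
        for bit in chain:
            so = bit.shift_in(so)
        stream.append(so)
    return stream

def derive_secret(stream: Sequence[int], bit_order_map: Sequence[int]) -> List[int]:
    """Derivation function: undo the serial order, drop unused TDRs, reorder."""
    n = len(stream)
    captured = [stream[n - 1 - i] for i in range(n)]   # TDR i leaves on cycle n-1-i
    return [captured[pos] for pos in bit_order_map]

def extract_secret(chain: Sequence[TdrBit], cloud: KeyCloud,
                   bit_order_map: Sequence[int], policy_open: bool) -> List[int]:
    """Security-engine flow: policy check, reset, key cloud, capture, shift, derive."""
    if not policy_open:
        # Address decoding refuses to select the chain until the policy bit is set
        raise PermissionError("TDR access blocked by security policy")
    reset_chain(chain)
    evaluate_key_cloud(chain, cloud)
    return derive_secret(capture_and_scan(chain), bit_order_map)

def build_demo() -> Tuple[List[TdrBit], KeyCloud, List[int]]:
    """Constructed 8-TDR chain hiding the 5-bit secret 1 0 1 1 0 among 3 decoys."""
    chain = [TdrBit() for _ in range(8)]
    # After reset every PO is 0, so nand(0, x) == 1, nor(0, 1) == 0, nor(0, 0) == 1.
    cloud: KeyCloud = {
        6: (nand, 5, 1),   # secret bit 0 -> 1
        1: (nor, 2, 1),    # secret bit 1 -> 0
        4: (nand, 3, 0),   # secret bit 2 -> 1
        0: (nor, 7, 0),    # secret bit 3 -> 1
        7: (nor, 0, 1),    # secret bit 4 -> 0
        2: (nand, 1, 1),   # decoy: captured but never mapped
        3: (nor, 4, 1),    # decoy
        5: (nor, 6, 0),    # decoy
    }
    bit_order_map = [6, 1, 4, 0, 7]   # secret TDR order, held only by the client
    return chain, cloud, bit_order_map

if __name__ == "__main__":
    chain, cloud, bit_order_map = build_demo()
    print("secret:", extract_secret(chain, cloud, bit_order_map, policy_open=True))
```

Two points the simulation makes visible: the raw scan-out stream contains all eight captured bits in serial order, so without the bit order map an observer sees the decoy bits interleaved with the secret and in the wrong order; and because the key cloud computes each PI from PO values, the extraction must begin from the reset state (all PO at 0) or the captured constants change.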
Fig. 6 illustrates an example machine of a computer system 600 within which a set of instructions for causing the machine to perform any one or more of the methodologies discussed herein may be executed. In alternative implementations, the machine may be connected (e.g., networked) to other machines in a LAN, an intranet, an extranet, and/or the internet. The machine may operate in the capacity of a server or a client machine in a client-server network environment, as a peer machine in a peer-to-peer (or distributed) network environment, or as a server or a client machine in a cloud computing infrastructure or environment.
The machine may be a Personal Computer (PC), a tablet PC, a set-top box (STB), a Personal Digital Assistant (PDA), a cellular telephone, a web appliance, a server, a network router, switch or bridge, or any machine capable of executing a set of instructions (sequential or otherwise) that specify actions to be taken by that machine. Further, while a single machine is illustrated, the term "machine" shall also be taken to include any collection of machines that individually or jointly execute a set (or multiple sets) of instructions to perform any one or more of the methodologies discussed herein.
The example computer system 600 includes a processing device 602, a main memory 604 (e.g., Read Only Memory (ROM), flash memory, Dynamic Random Access Memory (DRAM) such as synchronous DRAM (SDRAM)), a static memory 606 (e.g., flash memory, Static Random Access Memory (SRAM), etc.), and a data storage device 618, which communicate with each other via a bus 830.
The processing device 602 represents one or more processors, such as a microprocessor, central processing unit, or the like. More specifically, the processing device may be a Complex Instruction Set Computing (CISC) microprocessor, Reduced Instruction Set Computing (RISC) microprocessor, Very Long Instruction Word (VLIW) microprocessor, or processor implementing other instruction sets, or processors implementing a combination of instruction sets. The processing device 602 may also be one or more special-purpose processing devices such as an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), network processor, or the like. The processing device 602 may be configured to execute the instructions 626 for performing the operations and steps described herein.
The computer system 600 may also include a network interface device 608 to communicate over a network 620. Computer system 600 may also include a video display unit 610 (e.g., a Liquid Crystal Display (LCD) or a Cathode Ray Tube (CRT)), an alphanumeric input device 612 (e.g., a keyboard), a cursor control device 614 (e.g., a mouse), a graphics processing unit 622, a signal generation device 616 (e.g., a speaker), a video processing unit 628, and an audio processing unit 832.
The data storage device 618 may include a machine-readable storage medium 624 (also referred to as a non-transitory computer-readable medium) on which is stored one or more sets of instructions 626 or software embodying any one or more of the methodologies or functions described herein. The instructions 626 may also reside, completely or at least partially, within the main memory 604 and/or within the processing device 602 during execution thereof by the computer system 600, the main memory 604 and the processing device 602 also constituting machine-readable storage media.
In some implementations, the instructions 626 include instructions for implementing functionality corresponding to the present disclosure. While the machine-readable storage medium 624 is shown in an example implementation to be a single medium, the term "machine-readable storage medium" should be taken to include a single medium or multiple media (e.g., a centralized or distributed database, and/or associated caches and servers) that store the one or more sets of instructions. The term "machine-readable storage medium" shall also be taken to include any medium that is capable of storing or encoding a set of instructions for execution by the machine and that cause the machine and processing device 602 to perform any one or more of the methodologies of the present disclosure. The term "machine-readable storage medium" shall accordingly be taken to include, but not be limited to, solid-state memories, optical media, and magnetic media.
Some portions of the preceding detailed descriptions have been presented in terms of algorithms and symbolic representations of operations on data bits within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art. An algorithm may be a series of operations that produce a desired result. The operations are those requiring physical manipulations of physical quantities. Such quantities may take the form of electrical or magnetic signals capable of being stored, combined, compared, and otherwise manipulated. Such signals may be referred to as bits, values, elements, symbols, characters, terms, numbers, or the like.
It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities. Unless specifically stated otherwise as apparent from the present disclosure, it is appreciated that throughout the description, certain terms refer to the actions and processes of a computer system, or similar electronic computing device, that manipulates and transforms data represented as physical (electronic) quantities within the computer system's registers and memories into other data similarly represented as physical quantities within the computer system memories or registers or other such information storage devices.
The present disclosure also relates to apparatus for performing the operations herein. This apparatus may be specially constructed for the desired purposes, or it may comprise a computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, and magneto-optical disks, read-only memories (ROMs), Random Access Memories (RAMs), EPROMs, EEPROMs, magnetic or optical cards, or any type of media suitable for storing electronic instructions, each coupled to a computer system bus.
The algorithms and displays presented herein are not inherently related to any particular computer or other apparatus. Various other systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the method. In addition, the present disclosure is not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the disclosure as described herein.
The present disclosure may be provided as a computer program product or software which may include a machine-readable medium having stored thereon instructions which may be used to program a computer system (or other electronic devices) to perform a process according to the present disclosure. A machine-readable medium includes any mechanism for storing information in a form readable by a machine (e.g., a computer). For example, a machine-readable (e.g., computer-readable) medium includes a machine (e.g., computer) -readable storage medium, such as read only memory ("ROM"), random access memory ("RAM"), magnetic disk storage media, optical storage media, flash memory devices, and so forth.
FIG. 7 illustrates an exemplary set of processes 700 used during the design, verification, and manufacture of an article of manufacture, such as an integrated circuit, to transform and verify design data and instructions that represent the integrated circuit. Each of these processes may be structured and implemented as a number of modules or operations. The term "EDA" stands for "electronic design automation". The processes begin with the creation of a product idea 710 using information provided by a designer, which is transformed to create information for a product using a set of EDA processes 712. When the design is complete, the design is taped out 734, which refers to the artwork (e.g., geometric patterns) of the integrated circuit being sent to a fabrication facility to fabricate mask sets that are then used to fabricate the integrated circuit. After tape out, the semiconductor die is fabricated 736 and packaging and assembly processes 738 are performed to produce the finished integrated circuit 740.
The specification of a circuit or electronic structure may range from low-level transistor material layouts to high-level description languages. High levels of abstraction can be used to design circuits and systems using hardware description languages ("HDL") such as VHDL, Verilog, SystemVerilog, SystemC, MyHDL, or OpenVera. The HDL description may be converted to a logic-level register transfer level ("RTL") description, a gate-level description, a layout-level description, or a mask-level description. Each lower abstraction level, being a more detailed description, adds more useful detail to the design description, e.g., more detail about the modules that make up the description. The lower abstraction level may be computer generated, derived from a design library, or created by another design automation process. An example of a specification language at a lower abstraction level, used to specify a more detailed description, is SPICE, which is used for detailed description of circuits with many analog components. The description at each abstraction level is enabled for use by a corresponding tool (e.g., a formal verification tool) at that level. The design process may use the sequence depicted in FIG. 7. The described processes can be enabled by EDA products (or tools).
During system design 714, the functionality of the integrated circuit to be fabricated is specified. The design may be optimized for desired characteristics such as power consumption, performance, area (physical and/or code lines), and cost reduction. At this stage, the design may be divided into different types of modules or components.
During logic design and functional verification 716, modules or components in the circuit are specified in one or more description languages and the specification is checked for functional accuracy. For example, components of the circuit may be verified to generate an output that meets the requirements of the specification of the circuit or system being designed. Functional verification may use simulators and other programs, such as test bench generators, static HDL checkers, and formal verifiers. In some embodiments, a special system of components, referred to as an "emulator" or "prototype system," is used to accelerate functional verification.
During synthesis and design for testing 718, the HDL code is converted to a netlist. In some embodiments, the netlist may be a graph structure, where edges of the graph structure represent components of a circuit, and where nodes of the graph structure represent how the components are interconnected. Both the HDL code and the netlist are hierarchical artifacts that can be used by EDA products to verify whether an integrated circuit is operating according to a specified design at the time of manufacture. The netlist can be optimized for the target semiconductor manufacturing technology. In addition, the completed integrated circuit may be tested to verify that the integrated circuit meets specification requirements.
During netlist verification 720, the netlist is checked for compliance with timing constraints and for correspondence with the HDL code. During design planning 722, an overall layout of the integrated circuit is constructed and analyzed for timing and top-level routing.
During placement or physical implementation 724, physical placement (positioning of circuit components such as transistors or capacitors) and routing (connecting circuit components by multiple conductors) are performed, and cells may be selected from a library to implement particular logic functions. As used herein, the term "cell" may specify a set of transistors, other components, and interconnects that provide a Boolean logic function (e.g., AND, OR, NOT, XOR) or a storage function, such as a flip-flop or latch. As used herein, a circuit "block" may refer to two or more cells. Both cells and circuit blocks may be referred to as modules or components, and are implemented both as physical structures and in simulations. Parameters, such as dimensions, are specified for the selected cells (based on "standard cells") and made accessible in a database for use by EDA products.
During analysis and extraction 726, circuit functionality is verified at the layout level, which allows for refinement of the layout design. During physical verification 728, the layout design is checked to ensure that manufacturing constraints are correct, such as DRC constraints, electrical constraints, lithography constraints, and to ensure that circuit functionality is adapted to the HDL design specification. During resolution enhancement 730, the geometry of the layout is transformed to improve the way in which the circuit design is manufactured.
During tape-out, data is created (after applying lithographic enhancements where appropriate) for the production of lithographic masks. During mask data preparation 732, the "tape-out" data is used to create the photolithographic masks that are used to produce the finished integrated circuit.
The storage subsystem of a computer system (such as computer system 600 of FIG. 6) can be used to store the programs and data structures used by some or all of the EDA products described herein, as well as the cells used for developing libraries and the products for physical and logical design that use those libraries.
In the foregoing disclosure, implementations of the present disclosure have been described with reference to specific example implementations thereof. It will be apparent that various modifications may be made to these implementations without departing from the scope of the embodiments of the disclosure as set forth in the following claims. Where the disclosure refers to some elements in the singular, more than one element may be depicted in the figures, and like elements are numbered alike. The present disclosure and figures are, therefore, to be regarded in an illustrative rather than a restrictive sense.

Claims (20)

1. A method, comprising:
performing a capture operation that loads a plurality of primary input PI bits into corresponding shift registers of a plurality of test data registers TDR disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits;
performing a series of shift operations on the plurality of TDRs to obtain a plurality of output bits; and
applying, by a processor, a derivation function to the plurality of output bits to extract the plurality of secret information bits to authenticate the one or more digital semiconductor devices.
2. The method of claim 1, wherein a PI port of a first TDR of the plurality of TDRs is set to logic high or logic low based at least in part on the plurality of secret information bits.
3. The method of claim 1, wherein the PI port and the primary output PO port of a first TDR of the plurality of TDRs are connected to a network of digital logic gates.
4. The method of claim 3, wherein the PI of a second TDR of the plurality of TDRs is based on the PO of the first TDR of the plurality of TDRs.
5. The method of claim 3, wherein the derivation function is based at least in part on the network of digital logic gates.
6. The method of claim 1, wherein applying the derivation function comprises: reordering the plurality of output bits using a bitmap list.
7. The method of claim 5, wherein the bitmap list is based at least in part on addresses of the plurality of TDRs.
8. The method of claim 1, wherein the plurality of secret information bits are a cryptographic key or a seed for a cryptographic key generator.
9. A system, comprising:
a memory storing instructions; and
at least one processor coupled with the memory and configured to execute the instructions, which when executed, cause the at least one processor to:
perform a capture operation that loads a plurality of primary input PI bits into corresponding shift registers of a plurality of test data registers TDR disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits;
perform a series of shift operations on the plurality of TDRs to obtain a plurality of output bits; and
apply a derivation function to the plurality of output bits to extract the plurality of secret information bits.
10. The system of claim 8, wherein the PI port of a first TDR of the plurality of TDRs is set to logic high or logic low based at least in part on the plurality of secret information bits.
11. The system of claim 8, wherein the PI port and the primary output PO port of a first TDR of the plurality of TDRs are connected to a network of digital logic gates.
12. The system of claim 10, wherein the derivation function is based at least in part on the network of digital logic gates.
13. The system of claim 8, wherein applying the derivation function comprises: reordering the plurality of output bits using a bitmap list.
14. The system of claim 12, wherein the bitmap is based at least in part on addresses of the plurality of TDRs.
15. The system of claim 8, wherein the plurality of secret information bits are a cryptographic key or a seed for a cryptographic key generator.
16. A non-transitory computer readable medium (CRM) comprising stored instructions that, when executed by a processor, cause the processor to:
perform a capture operation that loads a plurality of primary input PI bits into corresponding shift registers of a plurality of test data registers TDR disposed on one or more digital semiconductor devices and configured to store a plurality of secret information bits; and
apply a derivation function to a plurality of output bits obtained from the plurality of TDRs to extract the plurality of secret information bits to authenticate the one or more digital semiconductor devices.
17. The non-transitory CRM of claim 15, wherein the PI port of a first TDR of the plurality of TDRs is set to a logic high or a logic low based at least in part on the plurality of secret information bits.
18. The non-transitory CRM of claim 15, wherein a PI port and a primary output PO port of a first TDR of the plurality of TDRs are connected to a network of digital logic gates.
19. The non-transitory CRM of claim 17, wherein the derivation function is based at least in part on the network of digital logic gates.
20. The non-transitory CRM of claim 15, wherein applying the derivation function comprises: reordering the plurality of output bits using a bitmap list.
CN202111582192.8A 2020-12-22 2021-12-22 Hardware-based obfuscation of digital data Pending CN114721933A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US202063129354P 2020-12-22 2020-12-22
US63/129,354 2020-12-22

Publications (1)

Publication Number Publication Date
CN114721933A true CN114721933A (en) 2022-07-08

Family

ID=82023543

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111582192.8A Pending CN114721933A (en) 2020-12-22 2021-12-22 Hardware-based obfuscation of digital data

Country Status (2)

Country Link
US (1) US12067091B2 (en)
CN (1) CN114721933A (en)

Also Published As

Publication number Publication date
US20220197982A1 (en) 2022-06-23
US12067091B2 (en) 2024-08-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination